With the increased use of computer networks, including the Internet, computer security has become an important consideration. There are many techniques currently in use for protecting computer systems connected to a network. For example, firewalls and computer virus software attempt to protect computers from various types of attacks. These techniques are helpful in preventing the spread of computer viruses as well as other types of network attacks.
Another aspect of computer security is investigation. That is, once a particular network attack or attempted attack has taken place, an investigation is launched in order to determine the source of the attack.
One known technique for investigating computer network attacks is through the use of a computer processor identifier. Recent computer processor technology allows the incorporation of a unique identifier into every processor. These identifiers are hardwired into the processor's design, and as such, cannot be changed or modified via software. One technique for using these identifiers for investigative purposes is to label documents and programs created or transmitted by the processor (or the computer system utilizing the processor) with the unique identifier. As such, if a virus is created by a particular computer, in certain cases it may be possible to examine the virus code to determine the processor identifier. In such cases, if the computer manufacturer (or another entity) maintains a database associating processor identifiers with specific users, then the virus could be traced back to the particular user.
However, there are significant privacy problems associated with the above described use of processor identifiers. Such privacy problems exist even under the assumption that the database is held in confidence by the computer manufacturer (or other entity). For example, all documents produced by a particular processor can be matched to each other by examining the identifier. This alone is a serious privacy concern. Especially when taking into account the myriad of attempts by Internet merchants to collect user information, the mere correlation of processor identifiers, especially in combination with other data collected over time, could reveal the identity of users.
Another problem is one of framing, and is related to the broader problem of identity theft. An attacker may learn the processor identification associated with a legitimate user (for example by examining documents known to be created by the legitimate user). The attacker may then replace his/her own processor identification with the processor identification of the legitimate user in documents created by the attacker. If one such document is a virus, for example, then upon investigation of the virus code, authorities would be led to believe that the legitimate user was the source of the virus.